Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Computer Security. Show all posts

Russian IT expert Menshakov listed the ways to protect personal data


According to the expert, to protect yourself from phishing attacks and fraud using malicious software aimed at people working remotely, you need to follow certain rules. In particular, follow the news and discuss threats.

"Knowledge is power. The best defense against online threats is an attack. In the context of the digital space, this means having up-to-date information. The more you know about the methods of deceiving users, the less likely that you will become a victim of hackers and believe a phishing email with an offer to buy a COVID-19 vaccine online or a coupon for vaccination without a queue," said Mr. Menshakov.

The expert also advises checking the sources of emails. It is equally important not to trust emails and text messages from people you know or from organizations that contain requests or improbably tempting offers. Before you click on the link, you need to go to the company's website yourself or call its support service. Checking the sources will protect you from downloading malicious content from phishing links.

"Hover the cursor over the links, study the composition of the URL. If you receive an email with a link, hover your mouse over it, but do not click on it. This way you can see where this URL leads. If the address looks suspicious, delete the message. Risk indicators: Fake links usually look like links to trusted sites, but may contain extra words or domains. If there are doubts about the nature of the URL, do not click on it," advised the expert.

In addition, Menshakov recommends that you secure your devices with several complementary tools. In particular, you can use two-factor authentication (2FA) passwords.

"Regular password changes and two-factor authentication (2FA) are the most effective way to fight hackers," noted the expert.

In addition, you should use a virtual private network (VPN), which will help you establish an encrypted connection and hide activities on the network from hackers.

Russian experts give tips on how to prevent personal data leakage

In Russia, the number of cyber attacks increased by almost a quarter in the first quarter of 2020, said Anton Kukanov, head of the Russian Quality System (Roskachestvo) for Digital Expertise, citing Positive Technologies data.

The expert also clarified that about 13% of fraudulent links were related to the topic of the coronavirus pandemic. He drew attention to the fact that almost half of all stolen information in the first quarter of 2020 were usernames and passwords.

According to Anton Kukanov, the main purpose of scammers is not the personal data of users, but payment information.

"They use phishing campaigns, social engineering techniques, and a wide range of malicious programs for this purpose, such as keyloggers that record and transmit passwords, remote access programs that allow a hacker to control the device," said Mr. Kukanov.

The expert advises not to click on suspicious links and not to use sites with illegal content in order to prevent fraudsters from stealing logins and passwords. In particular, resources with free movies, including new products, or games that users love so much, can actually be "monetized" by viral software.

"It is also not recommended downloading applications on third-party sites. You need to do it exclusively in official stores, otherwise, you can quickly "catch" the virus. However, there is a risk of "infecting" the gadget through the official store, although less", noted Anton Kukanov.

Moreover, a specialist from Roskachestvo advises looking at the rating of the application before installing it and read reviews without fail in order not to download an application with a virus.

He also recommended paying attention to the permissions that are requested by installed applications. For security reasons, according to Kukanov, it is better to reject those that contradict the meaning of the application.

November 30 Computer Security Day by Cyber Security and Privacy Foundation


International Computer Security Day is the day which takes place annually on November 30 and is celebrated to raise awareness in computer security - help people to prevent them falling prey to malware attacks, scams, loss of personal and company data .

Cyber Security and Privacy Foundation(CSPF) & Anna University CSE Department celebrated the Computer Security Day on November 30, 2019 at Anna University, Chennai, India.


Michael Costa

Michael Costa, Deputy Consulate General of Australia for South India, was the chief guest of the event.  The event started with welcome address speech by R. RamaMurthy, chairman of CSPF.

The speakers:
  • Dr. R.K. RAGHAVAN- Former High Commissioner of India, Republic of Cyprus.
  • Dr.R.SADAKATHULLAH– Former Regional Director,RBI,Chennai.
  • Dr. S SATHIK-Former Vice Chancellor, University of Madras.
  • SUGATA ROY – Specialist for Communication, Advocacy & Partnerships of UNICEF
  • R. RAM KUMAR - CEO, Amvion Labs Pvt Ltd
  • SURIYA - Head – Reeja Vajra APT Scan, CSPF Pte Ltd., Singapore

Russia developed a new protected computer “Elbrus 801M”


Russian developers from the concern "Avtomatika", part of the Russian State Corporation" Rostec", presented a new high-performance monoblock computer “Elbrus 801M” at the XIV International Aviation and Space Show (MAKS)-2019.

According to the developers, “Elbrus 801M” meets all the usual requirements for a modern office computer, but at the same time, this machine is superior to foreign analogs in terms of cybersecurity.

As the developer’s representative explained, the new computer is protected from most hacking methods known today.

According to Rostec, the main users of this monoblock will be government agencies, as well as companies from the defense sector, oil, energy and transport industries.

According to experts, new monoblock “Elbrus 801М” will be in demand by users due to the high level of performance, cyber security and ergonomic characteristics. Experts said that the performance of the monoblock exceeds 120 GFlops. It is noted that the monoblock was created on the basis of the Russian eight-core Central microprocessor “Elbrus-8”.

“We are already ready to take orders for the production of such computers. Our monoblocks based on Russian-made processors are interested in those who need computer equipment with domestic processors, with a high level of protection against cyber attacks,” - said the developer’s Assistant, Konstantin Trushkin.

According to him, the development of the monoblock cost ten times cheaper than foreign industry leaders.

It’s important to note that the motherboard, processor, peripheral controller of the computer are created in Russia. Domestic software is also used: BIOS and Russian-made operating system Elbrus Linux. It is known that “Elbrus 801M” is compatible with 32-bit operating systems, such as Microsoft Windows.

“Most of the known hacker methods of hacking against “Elbrus” do not work. The original command system of monoblock requires the creation of new viruses, which today simply does not exist, they have not yet been developed,” said Trushkin.

By 2020, it is planned to sell several thousand pieces of equipment. In addition, in 2020, an improved “Elbrus” model with a next-generation processor should appear.

Google’s security tools can shield from cyber-attacks

Google has long been asking users to enable its security tools for shielding all its services - from Gmail to Google Photos - from hacking attempts.

The search giant has been pretty vocal about the importance of these features, but now, instead of urging users, it has released hard stats revealing how useful these capabilities can really be.

Let's take a look.

Advantage

Adding phone number can fend off bot-based attacks.

Researchers from New York University and the University of California, San Diego partnered with Google to assess at the impact of its security tools in preventing hijack attempts.

The results, presented recently at The Web Conference, revealed that simply adding a recovery phone number to Google account helped block a 100% bot-based attacks, 99% of automated phishing attacks, and 66% of targeted attacks.

Protection

Two-factor authentication offers highest security.

Google has been saying this for years and the stats prove it - two-step verification is the securest offering right now.

The studies reveal that using phone number-based 2SV (SMS verification) blocked 100% of automated bots, 96% of bulk phishing attacks, and 76% of targeted attacks.

Meanwhile, on-device prompts prevented 100% of automated bots, 99% of bulk phishing attacks and 90% of targeted attacks.

Security key offers strongest shield.

Notably, among all two-step verification methods, using a physical security key proved to be the strong account shield. It blocked all kind of attacks with a 100% success rate.

Risk

Google also showed what happens when you don't use 2SV.

The same study also measured the effectiveness of default sign-in verification techniques, like last location signed-in or your secondary email.

These knowledge-based methods are used when the company detects a suspicious sign-in attempt, say from a new device/location, and you don't have a 2SV on.

The results showed these methods can block bot-based attacks but can fail miserably against phishing or targeted hijack.

Indian Pleads Guilty To Destroying University Computers via USB Killer Drive



An Indian national in the US 'pleaded guilty' for this week to pulverizing 59 computers at the College of St. Rose, in New York, through a weaponized USB thumb drive named "USB Killer" that he bought on the web.

The gadget empowered the 27-year old Vishwanath Akuthota to effectively damage gear and equipment worth $51,109, roughly accounting for Rs. 35, 46,700 alongside $7,362 approximately Rs. 5, 10,900 in employee time for exploring and supplanting pulverized hardware.

The incident occurred on February 14, as indicated by court documents acquired by ZDNet, and the suspect recorded himself while pulverizing some of the computers. In the recording, the he was seen saying, "I'm going to kill this guy,", and once he was finished with the procedure, he was seen saying things like, "it's dead" and "it's gone. Boom."


The explanation behind the crime anyway isn't known as of yet.

Surprisingly the weaponized thumb drive known as USB Killer is effectively accessible on the web and he had bought it from a rather well-known online store that sells these kinds of gadgets.

USB Killer devices work by quickly charging thumb drive capacitors from the USB control supply, and after that releasing the electrical current again into the USB slot - all in mere seconds- - successfully frying the computer to which the USB Killer device is connected to.

Akuthota was arrested on February 22 and will be condemned not long from now, on August 12. He faces up to ten years in prison, a fine of up to $250,000, and a term of post-imprisonment supervised release of up to 3 years.

Cyberattacks can even take human lives

Cyberattacks by nation-states will soon kill people, either deliberately or unintentionally, a senior security researcher told attendees at the RSA Conference this week.

The May 2017 WannaCry attacks by North Korea and the NotPetya attacks by the Russian military in June 2017 shut down hospitals, disrupted shipping and cost hundreds of millions of dollars in losses — much of it in the form of collateral damage.

It is inevitable, she said during her RSA presentation yesterday (March 5), that future nation-state attacks on such scale will cause loss of life.

"I rarely get to stand up in front of groups and tell them that the news is getting better," Joyce told the crowd. "But if you have purely destructive malware backed by a nation-state, then where does that leave us?"

NotPetya, which targeted tax-collection software that every business in Ukraine was obliged to run, masqueraded as ransomware, Joyce explained. But it was impossible to decrypt the affected data even if a ransom was paid. The goal of NotPetya was purely destructive, and the destruction streamed outward from Ukraine to infect companies and other institutions in 65 other countries.
Part of the collateral damage was at U.S. hospitals, Joyce said, where some patients could not be immediately treated as a result.

"A friend of mine who was suffering from throat cancer was turned away and told to come back next week," Joyce said.

"If you have purely destructive malware backed by a nation-state, then where does that leave us?"
—Sandra Joyce, FireEye senior vice president


Had anyone died as a result of NotPetya, that would have been an unintended consequence of a specific attack on Ukraine's economy. But nation-state malware already exists that is designed to deliberately kill people, according to Joyce.

iPhone hacking tool for sale on eBay

iPhones are renown for their security -- to the point that even law enforcement agencies have trouble accessing their contents. An Israeli firm, Cellebrite, became well-known when it transpired that hacking tools it made were used by the US government to crack locked iPhones and now its hacking tools are available to buy on eBay.

Cellebrite phone-cracking devices, beloved by law enforcement, are available at bargain-basement prices so you can get a gander at all the devices that the police have presumably been able to squeeze for data.

The Cellebrite Universal Forensic Extraction Device (UFED) is a smartphone hacking tool commonly used by the FBI, Department of Homeland Security and other law enforcement agencies in the US and elsewhere. It’s the most powerful tool yet created by the Israeli company, able to extract a huge amount of data – even data which has been deleted from phones.

Security researcher Matthew Hickey who is the co-founder of the training academy, Hacker House recently told Forbes that he’d picked up a dozen Cellebrite UFED devices for dirt cheap and probed them for data, which he found in spades.

For as little as $100-$1000, you can get your hands on a second-hand piece of Cellebrite equipment (a fraction of its usual selling price). For just a few Benjamins, you could get a Cellebrite UFED (Universal Forensic Extraction Device) and use it for whatever you might fancy.

A brand new one normally costs $5,000 to $15,000 depending on the model.

What surprised Hickey was that nobody bothered to wipe these things before dumping them onto eBay, he told Forbes:

“You’d think a forensics device used by law enforcement would be wiped before resale. The sheer volume of these units appearing online is indicative that some may not be renewing Cellebrite and disposing of the units elsewhere.”

Users Warned Against Unofficial Sites Pushing Notepad2 Adware Bundles





The users' anticipating to download the exceptionally well known Notepad substitution called Notepad2, are cautioned once more to be careful of sites made to look official, however really disseminate Notepad2 as an adware bundle.

The search result was for a site called Notepad2.com, when done as such through Bing, their insight card expressed that the official site is flos-freeware.ch. Now, while the site appeared to be unique and marketier, users' would simply assume that the developer made a committed site for it. The only odd thing to be observed was that the logo they were utilizing was one that was very similar to the one for Notepad++.

It isn't until the point when the user attempts to download the executable and ESET blocked the document from being downloaded then they understand that something isn't right. When they scroll to the very bottom of the page did they'll see an explanation this was an “unofficial website dedicated to the opensource software” this is the moment that they will realize that the site was plainly made to distribute adware bundles with the end goal to generate a couple of bucks for the developer.

Whenever downloaded, the installer has the genuine name of Notepad2-x64_1746715231.exe. Whenever executed, however, it is rapidly evident this is an adware bundle. When clicked next, the user will be demonstrated different offers. On the Windows 10 machine, the user will be possibly offered Opera and on an Any.Run install it very well may be the game War Thunder.

At the point when done installing the offers, it will download a zipped copy of Notepad2 and spare it in the Downloads folder.

That regardless of whether they user conceives that they know how to spot tricks and scams, have a great understanding about computer security and malware, and attempt to be diligent, they can even now get in trouble on the web.

So it is advised for the users to be extremely watchful out there, and accomplish more research before downloading softwares except if they know it's originating from a respectable source, which is ideally the developer's webpage.


Security breach encountered in Perth international airport

A Vietnamese hacker infiltrated Perth international airport's computer system and swiped away sensitive security details. Le Duc Hoang Hai, 31 , utilized credentials of a third party contractor to unlawfully get to the airport's system in March a year ago.

Prime Minister Malcolm Turnbell's cyber security adviser Alastair Macgibbon told the West Australian that the Vietnamese figured out how to steal "a significant amount of data". He added the hack to be "a close miss" that could have been a considerable measure more terrible. The programmer could get the data on the Airport's building security yet luckily not radars. The authorities at the Airport detected a security breach and informed the federal cyber security authorities in Canberra who at that point tipped-off Vietnam.

 The 31-year-old was then arrested in Vietnam after the authorities got the information about the tip-off from the Australian federal police. He has been convicted in a Vietnamese military court and condemned to 4 years behind the bars. Aside from this, the travellers were not placed in threat as he was not able access radars, computer data related with air traffic or even the personal details of said travellers.

 Kevin Brown,Perth Airport CEO,later assured that no personal data of members of the public,such as details of credit card numbers, was accessed but other Perth Airport documents were taken. Brown said the airport has completed a full risk assessment of the data stolen and concluded that there was no threat or risk to the travelling public.The Perth international airport was in any case, the main Australian focus of the hacker, who had prior succeeded in compromising the website of the Vietnamese banks and telecommunications also including an online military newspaper.

 Macgibbon further added saying that right now there is no confirmation whether Hai, was working with a bigger hacking group or whether the data stolen in the breach was sold off or leaked online. In any case, he commented on the incident saying that it is indeed a warning sign that crisis like these are going to be encountered a lot in the coming future.

U.S spies can find you through your photos


Iarpa, the intelligence community’s way-out research shop, wants to know where you took that vacation picture over the Fourth of July. It wants to know where you took that snapshot with your friends when you were at that New Year’s Eve party. Oh yeah, and if you happen to be a terrorist and you took a photo with some of your buddies while prepping for a raid, the agency definitely wants to know where you took that picture — and it’s looking for ideas to help figure it out.

Apple Mac Book vulnerable to hack using Battery

Ethical Hacker Charlie Miller has find a way to hack the MacBook using the battery.

"Laptop battery contains its own monitoring circuit which reports the status of the battery to the OS. It also ensure that the battery does not overcharge even when the laptop is turned off." Digitizor report reads.


He identified the battery chips are shipped with default password.  It means the hacker who finds the default password and learns to control the firmware is able to control them to do anything he wants.

 "You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery." Digitizor quoted as Miller saying.